I’m currently testing a setup where a syslog-ng client is shipping its logs to an Haproxy syslog forwarding endpoint which then forwards to a remote syslog-ng server. The logs arrive at the destination but unfortunately it appears the structured data is stripped (SDATA) therefore some important meta info is missing when the logs are being written on the remote syslog-ng server. I’ve searched and I can’t seem to find any options relating to this. Is this potentially a missing feature or am I missing some other configuration setting on my haproxy log-forward configuration?
I appreciate the help.
Thank you.
I’m unable to reproduce, it works for me.
Can you share your exact haproxy version and configuration?
The HAProxy configuration I currently have for this log-forwarding endpoint is the following:
ring logbuffer-syslog-system
description "buffer for host system logs"
format rfc3164
maxlen 1200
size 32764
timeout connect 5s
timeout server 10s
server syslog-ng-server01 <PRIVATE_IP>:514 send-proxy maxconn 200
log-forward syslog-system
bind 0.0.0.0:514
log ring@logbuffer-syslog-system local0
For reference, the flow of logs are as follows:
syslog-ng client → HAproxy log-forward endpoint → syslog-ng server
Sdata support was introduced in RFC5424 however you are forcing the old BSD style syslogs as defined in RFC3164.
Upgrade it to rfc5424.
Good catch, this resolved my issue! Thanks for your help.
1 Like